Privilege escalation vulnerabilities in Windows kernel

Description

Multiple serious vulnerabilities have been found in Microsoft Windows kernel. Malicious users can exploit these vulnerabilities to gain privileges.

Below is a complete list of vulnerabilities:

1. An improper check of a buffer length (prior to copying memory to the buffer) can be exploited remotely to gain privileges;
2. An incorrect permission enforcement done by Windows Kernel API can be exploited remotely via a specially designed application to gain privileges;
3. An improper handling of objects in memory in Windows Transaction Manager can be exploited remotely via a specially designed application to gain privileges;
4. An improper handling of registry objects in memory in Windows Kernel API can be exploited remotely via a specially designed application to gain privileges.

---

Technical details

Vulnerability (1) can be exploited only is malicious user has an access to the target system and have proper permissions to copy a file to a shared drive or folder.

Original advisories

• MS17-017

• CVE-2017-0102
• CVE-2017-0103
• CVE-2017-0101
• CVE-2017-0050

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

• Microsoft-Windows-Vista-4
• Microsoft-Windows-Server-2012
• Microsoft-Windows-7
• Microsoft-Windows-Server-2008
• Windows-RT
• Microsoft-Windows-10

CVE list

• CVE-2017-0102
  warning
• CVE-2017-0103
  warning
• CVE-2017-0101
  high
• CVE-2017-0050
  high

KB list

• 4012217
• 4012215
• 4012216
• 4012606
• 4013198
• 4013429
• 4012212
• 4012214
• 4012213
• 4011981
• 4013081

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com